In this blog CERT.at's employees can post research and thoughts. This is done with least possible oversight, so opinions in blogposts are not necessary opinions of CERT.at

Alternatively you can receive CERT.at's blog as a feed.

Nov 04

Enabling DNSSEC Validation

This week, Comcast announced that they will enable DNSSEC validation on their production resolvers. One thing one might want to keep in mind if you do that:

People make mistakes. Some domain owners will break their DNSSEC signatures. We've seen a good number of these in 1010, including TLDs like ...

Read more
Nov 03

Yet another current fake AV infection

Tiny report of a yet another current fake AV infection which is being spammed out via Email. Warning: do not try to reproduce these results on a Windows PC unless you know what you are doing. As of the time of this writing, the URLs mentioned in this report are live and contain malware. Background Today the following Email (with attached Javascript file) caught my attention:
Read more
Nov 02

Mapping the Malware Web

McAfee published the 2010 "Mapping the Malware Web" report. The explanations and trends in there are worth looking at. More importantly, for us as the CERT, this report is one of the few independent studies which provides us with real numbers on the state of the IT Security game in Austria.

.at is ...

Read more